Class LdapUtilities


  • public class LdapUtilities
    extends Object
    Utilities for dealing with LDAP DNs and other similar concepts
    • Method Detail

      • ldapCleanGroupName

        public static String ldapCleanGroupName(String groupDN)
                                         throws InvalidNameException
        Extracts the name from an LDAP formatted group name.

        For example, if given CN=AD Group Name,OU=Groups,OU=Security,DC=client,DC=example,DC=com, this method would return “AD Group Name”.

        Parameters:
        groupDN - The group DN
        Returns:
        the group name
        Throws:
        InvalidNameException - if this is not an LDAP name
      • ldapContains

        public static boolean ldapContains(List<String> container,
                                           String seeking)
        Returns true if the given list of DNs contains a matching DN by RDN.

        This is useful for searching a list of AD groups (e.g., user entitlements) for a given value, without having to worry about differing domain suffixes across dev, test, and prod.

        Equivalent to ldapContains(List, String, int) with a depth of 1.

        Parameters:
        container - A list of candidate DNs
        seeking - The DN (whole or partial) to match
        Returns:
        True if the list contains a matching DN, false if not
      • ldapContains

        public static boolean ldapContains(List<String> container,
                                           String seeking,
                                           int depth)
        Returns true if the given list of DNs contains a value matching the given ‘seeking’ DN, up to the given depth.
        Parameters:
        container - A list of candidate DNs
        seeking - The DN (whole or partial) to match
        depth - The depth of search
        Returns:
        True if the list contains a matching DN, false if not
      • ldapGetMatch

        public static String ldapGetMatch(List<String> container,
                                          String seeking)
        Given a list of possible matching DNs (the container), finds the first one that matches the RDN of the ‘seeking’ string.
        Parameters:
        container - A list of candidate DNs
        seeking - The DN we are seeking to match
        Returns:
        The DN matching the search, or null if none is found
      • ldapGetMatch

        public static String ldapGetMatch(List<String> container,
                                          String seeking,
                                          int depth)
        Given a list of possible matching DNs (the container), finds the first one that matches the ‘seeking’ string up to the given depth.
        Parameters:
        container - A list of candidate DNs
        seeking - The DN we are seeking
        depth - The number of RDN components to match
        Returns:
        The DN matching the search, or null if none is found
      • ldapGetRdn

        public static String ldapGetRdn(String dn,
                                        int size)
                                 throws InvalidNameException
        Extracts the first N RDNs from an LDAP formatted DN.

        For example, if given CN=AD Group Name,OU=Groups,OU=Security,DC=client,DC=example,DC=com, and a size of 1, this method would return “CN=AD Group Name”. A size of 2 would produce “CN=AD Group Name,OU=Groups”.

        Parameters:
        dn - The object’s distinguishedName
        size - The number of RDN elements to return
        Returns:
        the first ‘size’ RDNs of the DN
        Throws:
        InvalidNameException - if this is not an LDAP name
      • ldapGetRdn

        public static String ldapGetRdn(LdapName name,
                                        int size)
                                 throws InvalidNameException
        Extracts the first N RDNs from an LDAP formatted DN.

        For example, if given CN=AD Group Name,OU=Groups,OU=Security,DC=client,DC=example,DC=com, and a size of 1, this method would return “CN=AD Group Name”. A size of 2 would produce “CN=AD Group Name,OU=Groups”.

        Parameters:
        name - The already-parsed LdapName object
        size - The number of RDN elements to return
        Returns:
        the first ‘size’ RDNs of the DN
        Throws:
        InvalidNameException - if this is not an LDAP name
      • ldapMatches

        public static boolean ldapMatches(String name,
                                          String otherName)
        Returns true if the first element of the given LDAP name matches the value provided.

        Equivalent to ldapMatches(name, otherName, 1).

        Parameters:
        name - The LDAP name to check
        otherName - The other name to compare against
        Returns:
        True if the names are LDAP DNs and equal ignoring case, otherwise false
      • ldapMatches

        public static boolean ldapMatches(String name,
                                          String otherName,
                                          int depth)
        Returns true if the given objects match by comparing them as LDAP DNs up to the depth specified.

        For example, the following two DNs will match at a depth of 1, but not a depth of 2.

        CN=Group Name,OU=Groups,DC=test,DC=example,DC=com
        cn=group name,OU=Administrators,DC=test,DC=example,DC=com

        This is primarily useful with AD environments where the group names will have a suffix varying by domain.

        Parameters:
        name - The first LDAP name
        otherName - The second LDAP name
        depth - The number of DN elements to search for a match (with 1 being the RDN only)
        Returns:
        True if the names are indeed LDAP DNs and equal ignoring case, false otherwise
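
        The depth behaviour described for ldapGetRdn and ldapMatches can be reproduced with the JDK's javax.naming.ldap.LdapName alone. The following is an added example, not the source of LdapUtilities: the class DnDepthDemo and the helpers leading and matchesToDepth are hypothetical names, the entitlement list is constructed, and treating a DN shorter than the requested depth as a non-match is an assumption of this sketch.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnDepthDemo {
    // Leftmost `size` RDNs in display order. LdapName indexes RDNs from the
    // right (index 0 is DC=com below), so take the tail of the list and reverse it.
    static List<Rdn> leading(String dn, int size) throws InvalidNameException {
        List<Rdn> rdns = new LdapName(dn).getRdns();
        if (size < 1 || size > rdns.size()) {
            throw new InvalidNameException("DN does not have " + size + " RDNs: " + dn);
        }
        List<Rdn> out = new ArrayList<>(rdns.subList(rdns.size() - size, rdns.size()));
        Collections.reverse(out);
        return out;
    }

    // Depth-limited comparison. Rdn.equals ignores case in both the attribute
    // type and the value, so "cn=group name" equals "CN=Group Name".
    static boolean matchesToDepth(String a, String b, int depth) {
        try {
            return leading(a, depth).equals(leading(b, depth));
        } catch (InvalidNameException e) {
            return false; // not parseable as a DN, or too short for this depth
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        String wanted = "CN=Group Name,OU=Groups,DC=test,DC=example,DC=com";
        // Constructed entitlement list: one unrelated group, and one group with
        // the same CN as `wanted` but in a different OU and different casing.
        List<String> entitlements = List.of(
            "CN=Helpdesk,OU=Groups,DC=test,DC=example,DC=com",
            "cn=group name,OU=Administrators,DC=test,DC=example,DC=com");

        System.out.println("first two RDNs: " + leading(wanted, 2));
        for (int depth = 1; depth <= 2; depth++) {
            final int d = depth;
            boolean hit = entitlements.stream().anyMatch(e -> matchesToDepth(e, wanted, d));
            System.out.println("match at depth " + d + ": " + hit);
        }
    }
}
```

        At depth 1 the group under OU=Administrators satisfies a check written for the group under OU=Groups, because only the CN is compared. Where the same CN can exist in more than one OU, an authorization check should use a depth that includes the distinguishing OU.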